Before we begin

and focuses on the last of the steps we usually take with our customers who migrate to the Cloud.

Click on the image to enlarge

Now we will focus more on getting the peace of mind while the workloads are running on Azure.

We will discuss what Managed Services on Azure and Microsoft 365 technically mean, what are the things a managed services provider or an internal IT operations (DevOps, IT) team should do proactively, focusing on aspects like:

Azure governance,

cost control,

security,

efficiency.

Why Peace of Mind?

The real question is:

While your solutions are running in Azure, is there anything you should be doing for your peace of mind?

One could think – “Isn’t the Cloud supposed to (maybe magically) take care of my software solution out of the box?”

The simple answer is while the Cloud offers us a lot of technology which makes IT operations much easier, especially under the Platform as a Service (PaaS) and Serverless offerings, it doesn’t mean that we don’t have to do anything anymore.

During our interactions with large organizations that we’ve helped in the past years to migrate to the Microsoft Cloud (Azure and Microsoft 365), we have discovered the best practices needed for good maintenance.

We have built those best practices in a set of services that we call “Peace of Mind (as a Service)” that include proactive and reactive measures. And in this article, I will discuss the proactive actions we usually take. The reactive actions I am referring to are the usual SLA-based support activities any managed services provider, or IT team already knows about.

Those proactive best practices and actions are grouped into 5 different categories:

Access and Users Experience

Analytics and Monitoring

Governance and Security

Performance and Cost Optimizations

Feature Usage and Roadmap

Further on, we will explore a few of them.

Access and Users Experience

There isn’t much to say here since the title is quite self-explanatory. What is worth mentioning is that there are specific techniques and tools related to authentication and authorization in Azure and Microsoft 365, which should be used properly to get the maximum benefits in a lot of areas, not only security but also cost control and monitoring for example.

This category of actions deals with:

Role Based Access ControlThis is how authorization on Azure resources, Resource Groups and Subscriptions should be done. One should make sure the right people or groups (from Azure Active Directory) have the right access to the right grouping of resources. This can have a tremendous impact not only on security, but also on resources’ organization (avoiding chaos, like a person without the right access being able to delete a resource), and cost control (restricting people which should not be able to create resources in a certain Subscription).

Governance and Cost optimizations

In general, governance can mean a lot of things, but we are thinking mainly of:

Resources organization

Resources security

Auditing

Cost control and optimization

For resources organization, we have to start from understanding the relationships between Tenants, Subscriptions and Resources:

A customer with an Office 365 tenant (domain) will have an associated Azure Active Directory, and an associated Azure tenant. The directory in Azure is the same as the directory in Office 365: Azure AD. All the other Office 365 services (Exchange Online, SharePoint Online, etc.) are using Azure AD for authentication and authorization.

An Azure Subscription is usually a cost center or part of a cost center (in a larger grouping of Subscriptions). There is also a way to group more Subscriptions in a Management Group, for even better organization.

Why is this grouping of resources relevant? Because you can apply your governance conditions, for example using Azure Policies, at the scope that you choose: at a Management Group, or Subscription, or Resource Group. An example would be to limit the types of VMs that can be created in a Management Group (a collection of Subscriptions). Or to limit the VMs in a Subscription to a specific Azure region.

Another advantage of sound grouping of resources is managing cost. First, you will be able to know your costs grouped by:

Cost centers (e.g. Subscriptions or Management Groups)

Usually, a Resource Group contains the resources with together make up a solution (with the exception of course when a solution uses resources that might be shared with other resources).

Type of resources, for example, resources used for testing, or by a certain user.

So cost control is crucial, especially in a pay-as-you-go type of Azure consumption. And it starts with proper allocation and grouping of resources.

Another thing is cost optimization. It can be done through a combination of, at least:

Policies

Alerts

Specific features like Azure Automation, DevTest Labs

Autoscaling

Policies

Setting up Policies like allowed VM types or resource types in general. They can be applied per Resource Group, Subscription, or Management Group.

Alerts

You can configure Azure alerts (from the Azure portal) like:

When a costly (you define what costly means for you) resource is created.

Showing orphaned resources – in combination with some custom code done with Azure Functions or Azure Automation. This is a very typical cost drain: expensive resources which are not being used anymore.

etc.

Or you can define cost/budget related alerts, such as when you’ve reached a spending limit, per resource group or per resource type.

Autoscaling

You can easily define autoscaling rules, so the infrastructure needed by your solution scales up or down, exactly as needed. Autoscaling can be applied easily (from the Portal or through scripting) for many compute resources (VM Scale Sets, Web Apps, etc.), or with some custom work, you can do it for other resource types like SQL Database or CosmosDB.

Conclusion

Managing workloads in Microsoft Cloud is done differently than on-premises.

There are proven ways and best practices for Managed Services on top of the Microsoft Cloud, and while developing our Peace-of-Mindservice offeringswe made sure we incorporate pretty much all of them. For more information about our services around these technologies, browse our website.

For more in-person, in-depth information about this particular topic, you can register for free at for the next edition of our annual Cloud Conference.

If you are interested to explore more on this topic, Mihai talks about how should companies approach Cloud and the best way to migrate the workloads to PaaS in a video series available here.

Mihai TATARANis the General Manager of Avaelgo and CEO of InterKnowlogy. He is also Microsoft Regional Director, Microsoft MVP on Microsoft Azure, Microsoft Azure Insider, and Microsoft Certified Professional. Mihai has been teaching Microsoft technologies courses to software companies in Romania and abroad, being invited by Microsoft Romania to deliver many such trainings for their customers. Mihai has very good experience with large audiences at international conferences: DevReach in Bulgaria, Codecamp Macedonia; TechEd North America 2011, 2012 and 2013 – speaker and Technical Learning Center (Ask the Experts), Windows AzureConf. He is also the co-organizer for the ITCamp conference in Romania.